Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Apple patches iPhone text message vulnerability

Apple has fixed a vulnerability in the iPhone that could have enabled hackers to send malicious text messages to either knock the device offline or execute remote code.

The patch arrived Friday, one day after researcher Charlie Miller and German Ph.D. student Collin Mulliner presented details on the flaw at the Black Hat conference in Las Vegas -- in one of the most attended talks of the show.

Miller described the memory corruption issue as a bug that could enable an attacker to launch a denial-of-service attack against a victim phone, preventing users from making phone calls, sending texts or accessing the internet and effectively downgrading their "iPhone into an iPod Touch." All a hacker would need to do is send a single, specially crafted SMS message, which would appear invisible to the user.

The vulnerability also could be exploited to do much more harm, Miller said. A barrage of malicious messages could enable an attacker to take complete control of the device. In his and Mulliner's test run, they sent 519 texts to a phone and were able to obtain control.

Miller did not reveal the complete exploit code at his talk but estimated that hackers will use the partial information he provided to develop working attack code within a couple of weeks.

Apple was notified of the flaw on June 18, and Miller said he expected a fix before the show.

The delay prompted some security observers to question whether Apple is as committed to security as it should be.

"Unfortunately, it looks like the security problems with [the] iPhone will continue to grow until Apple makes security a higher priority," said Andrew Storms, director of security operations at vulnerability management firm nCircle. "If there is a silver lining for iPhone users, it's that all of the security research attention it is getting could eventually turn the iPhone into one of the most secure mobile platforms."

An informal poll conducted at Black Hat by nCircle, in which 94 people voted on which mobile device would be most vulnerable to attack for the remainder of 2009, 56 percent of respondents chose the iPhone. An Apple spokesman could not be reached for comment.

Miller and Mulliner presented similar vulnerabilities affecting Google's Android, which has been patched, and Windows Mobile, which has not.

Apple, in a security advisory, said the patch is available for iPhone versions 1.0 through 3.0.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.